NSA surveillance threatens Facebook’s European operations yet again

WELCOME to Connected Rights, your cog in the wheel of digital rights news and analysis.

THE EU’S HIGHEST COURT IS GOING TO HAVE TO DECIDE whether the legal mechanism used by Facebook (and others) to send personal data to the U.S. is kosher or not: http://for.tn/2g8d0T2

This is essentially the same case that brought down the Safe Harbor agreement a couple years. This time Max Schrems, the Austrian complainant, is challenging the “standard contractual clauses” mechanism that Facebook had to fall back on when the Court of Justice of the European Union sunk Safe Harbor. The same basic problem applies: Facebook may promise that it will protect the privacy of people in the EU, but it has no way to stop the NSA shoving its nose into EU citizens’ data.

If the CJEU does sink standard contractual clauses, and if activists are successful with their challenges to Safe Harbor successor Privacy Shield (or if EU regulators decide Privacy Shield is a sham), then a lot of cloud and online communications companies are going to find it very difficult to transfer personal data from the EU to the US.

This does feel like we’re watching Act Three of a slow-motion train wreck. Schrems is delighted that the established facts of the case (as referred by the Irish High Court to the CJEU) accurately describe the surveillance situation in the US – the High Court said that Privacy Shield’s improvements over Safe Harbor, such as the new US privacy ombudsperson that’s supposed to deal with EU citizens’ complaints, don’t fix the core problems.

(Fun fact, with a hat-tip to Politico’s Mark Scott: the current temp ombudsperson, Judith Garber, is also acting assistant secretary for the Bureau of Oceans – truly, the Privacy Shield implementation is all at sea.)

Interestingly, Schrems reckons the CJEU’s future judgement could have an effect on surveillance within EU countries too – something that US observers have always pointed to when highlighting the Europeans’ hypocrisy over the issue: http://bit.ly/2xRATWM

AS IF TO DRIVE HOME THE WORRIES OVER U.S. SURVEILLANCE, it turns out that Donald Trump’s justice department is trying to pry information out of Facebook about people who liked or interacted with an anti-Donald Trump page on the site: http://for.tn/2x24hrk

This is actually tied to a case I wrote about a couple months back (http://bit.ly/2wxGtQn), in which Trump’s team was after information held by the “DisruptJ20” activists’ web host. This time it’s the DisruptJ20 Facebook page, and the American Civil Liberties Union has jumped on board to fight the notion that the DoJ can extract the information it wants and share it with other government departments.

In the words of ACLU lawyer Scott Michelman: “When law enforcement officers can comb through records concerning political organising in opposition to the very administration for which those officers work, the result is the chilling of First Amendment-protected political activity.”

Want to support this newsletter? If so, you’re awesome and you should be heading over to my Patreon page. Many thanks to those who are already contributing!

REPEATEDLY VIEWING ONLINE TERRORIST MATERIAL will be an offence that puts people behind bars for up to 15 years, British home secretary Amber Rudd has announced: http://bit.ly/2xUE9Cf

“This is incredibly dangerous,” said Open Rights Group executive director Jim Killock. “Journalists, anti-terror campaigns and others may need to view extremist content, regularly and frequently. People tempted towards extremism may fear discussing what they have read or seen with anyone in authority. Even potential informants may be dissuaded from coming forward because they are already criminalised.”

RUDD HAS ALSO ANNOUNCED HER PROUD IGNORANCE about encryption, telling delegates at a Conservative conference fringe meeting that she doesn’t need to understand how end-to-end encryption works to try cracking down on it: http://bit.ly/2yGwdC2

This is a classic case of politicians trying to sound tough. After all, the British government has already passed an Investigatory Powers Act that gives Rudd the means she needs to bypass encryption by hacking into suspects’ phones.

THE SPANISH AUTHORITIES’ CRACKDOWN on Catalonia’s independence referendum was most notable for its physical brutality, but there was a worrying online element too: http://bit.ly/2xXszXw

Not only were websites giving voting information shut down or blocked at the DNS level, but a court even ordered Google to remove from its Android store an app that was also designed to tell people where to vote: http://reut.rs/2fFDPgE

This sort of disproportionate tactic has horrified United Nations experts, but the response from EU officials has been worryingly muted. Yes, both sides may have made mistakes here (the referendum was illegal after all), but surely it can’t be acceptable for an EU member state to sweep away websites and apps like this without careful consideration of the impact on people’s fundamental rights to free speech and assembly.

GERMANY’S NEW ONLINE HATE SPEECH LAW is now in effect and, while it’s popularly known as the “Facebook law”, it could also have an effect on services such as Reddit and even Flickr: http://zd.net/2fNSxpD

Applying a hate speech law to image-sharing services may sound daft, but I’ve heard of cases where racist fake news did the rounds in Germany via textual images on Instagram. Anyhow, it’s not certain that Flickr, Reddit and Tumblr (!) will fall under the law – the main criterion is that the social networking service in question must have two million registered users in Germany.

If you’d like me to write articles for you about digital rights issues, speak at your event or provide privacy advice for your business, drop me an email at david@dmeyer.eu.

THE AUSTRALIAN GOVERNMENT WANTS TO BUILD a national facial recognition database, based on driver’s licence pictures and biometric passport photos: http://bit.ly/2fKg0EA

“Imagine the power of being able to identify, to be looking out for and identify a person suspected of being involved in terrorist activities walking into an airport, walking into a sporting stadium,” said prime minister Malcolm Turnbull, while claiming that the privacy implications are just fine because people put lots of information on Facebook anyway.

What if the database gets hacked, and everyone’s biometric facial details fall into criminal hands? “You can’t allow the risk of hacking to prevent you from doing everything you can to keep Australians safe,” said the master logician.

AMERICAN LEGISLATORS ARE CONCERNED that an always-on child monitor from Mattel, designed to track youngsters all the way into adolescence, might have negative privacy implications. Baffling, I know: http://bit.ly/2xdxks6

About the author

I’m David Meyer, a tech journalist with more than a decade’s experience writing about technology. I’ve covered many topics in that time, though I’m most interested in the policy decisions and technological breakthroughs that will shape our world. You can find me on Twitter as @superglaze and on Facebook as @davidmeyerwrites.